Issue when trying to login after update to Neos 2.0.6 (Access denied for method indexAction)

I’m having trouble to login to the Neos backend, after updating from Neos 2.0.4 (PHP 5.6) to Neos 2.0.6 (PHP 7.0).

I get a 403 response, PolicyEnforcementAspect.php reports access denied for method indexAction. User in question (admin) has roles TYPO3.Neos:Editor and TYPO3.Neos:Administrator. I’m certain that the user exists (if I don’t provide the correct credentials, I’m redirected to the login page).

Uncaught exception #1222268609 in line 63 of /var/www/neos/Data/Temporary/Production/Cache/C
ode/Flow_Object_Classes/TYPO3_Flow_Security_Aspect_PolicyEnforcementAspect.php: Access denie
d for method
Method: TYPO3\Neos\Controller\Backend\BackendController::indexAction()
Evaluated following 2 privilege target(s):
"TYPO3.Neos:AllControllerActions": ABSTAIN
"TYPO3.Neos:Backend.GeneralAccess": ABSTAIN
(0 granted, 0 denied, 2 abstained)
Authenticated roles: TYPO3.Flow:Everybody, TYPO3.Flow:AuthenticatedUser

My temporary workaround is to downgrade to Neos 2.0.4 (PHP 5.6), but I’d like to keep things up to date.

Any hints?

Do you have any custom ACL policies? If so could you share them?

There was someone else with a similar problem, turned out he was defining superRoles of a role from another package.

No custom ACL policies. At least none I’m aware of. How to check?

Look for Policy.yaml files in your custom packages

Thanks for taking a look into this.

No custom Policy.yaml.

$ find . -iname "Policy.yaml"

Appears to be fixed in Neos 2.0.7. Is this a known issue? I couldn’t find any related remarks in the CHANGELOG.

That’s confusing to me as well, neither the Flow or Neos log mentions anything related to that. Anyway glad it works.